Fwd: [SECURITY] Critical vulnerability in Gluon - Bugfix release on Thursday, 2022-05-05
Axel Beckert
abe at deuxchevaux.org
Di Mai 3 15:54:03 CEST 2022
Hi,
On Tue, May 03, 2022 at 11:15:33AM +0200, David Lutz via ff3l wrote:
> So wie es aussieht gibt es eine gravierende Sicherheitslücke in Gluon.
>
> Wie gravierend weiß ich nicht, jedoch ist sie wohl gravierend genug, dass
> weitere Details erst am Donnerstag bekannt gegeben werden
Es sieht so aus, als wäre die Katze aus dem Sack:
https://www.bleepingcomputer.com/news/security/unpatched-dns-bug-affects-millions-of-routers-and-iot-devices/
Jedenfalls klingt das schwer danach:
»A vulnerability in the domain name system (DNS) component of a
popular C standard library that is present in a wide range of IoT
products may put millions of devices at DNS poisoning attack risk.
A threat actor can use DNS poisoning or DNS spoofing to redirect the
victim to a malicious website hosted at an IP address on a server
controlled by the attacker instead of the legitimate location.
The library uClibc and its fork from the OpenWRT team, uClibc-ng.
Both variants are widely used by major vendors like Netgear, Axis, and
Linksys, as well as Linux distributions suitable for embedded
applications.«
Gruss, Axel
--
PGP: 2FF9CD59612616B5 /~\ Plain Text Ribbon Campaign, http://arc.pasp.de/
Mail: abe at deuxchevaux.org \ / Say No to HTML in E-Mail and Usenet
Mail+Jabber: abe at noone.org X
https://axel.beckert.ch/ / \ I love long mails: https://email.is-not-s.ms/
Mehr Informationen über die Mailingliste ff3l